Overview
This chapter describes Encapsulated Remote Switched Port Analyzer (ERSPAN) and how it mirrors network traffic through GRE tunnels for analysis. It covers higher payload support, GRE IPv6 and MPLS integration, partial packet capture, rate limiting, DSCP-based traffic classification, and multi-session monitoring with ACLs.
ERSPAN
This section explains how Encapsulated Remote Switched Port Analyzer (ERSPAN) monitors and mirrors network traffic from source ports to remote destinations via GRE tunnels. This feature enables real-time troubleshooting and automated analysis of specific network flows.
Configuration guidelines for ERSPAN
This section provides essential guidelines for configuring ERSPAN, including requirements for source and destination interfaces, supported traffic types, and encapsulation methods. Use these principles to ensure proper setup and functionality of remote traffic mirroring sessions.
Restrictions for ERSPAN
This section provides a list of limitations and restrictions for ERSPAN, such as unsupported traffic accounting and specific interface requirements for GRE next hops. Review these constraints to ensure your network configuration supports successful traffic mirroring.
Supported ERSPAN sessions
This section provides tables detailing the number of supported ERSPAN, local SPAN, and combined SPAN sessions across different software releases. Use this information to understand session limits based on your specific hardware and software version.
ERSPAN over GRE
This section explains how ERSPAN over GRE IPv6 enables the secure encapsulation and mirroring of IPv4 or IPv6 traffic.
Partial packet capture for ERSPAN
This section explains how partial packet capture allows ERSPAN to capture only a portion of incoming packets rather than the entire payload.
ERSPAN with flexible CLI
This section explains how the flexible CLI option for ERSPAN consolidates session properties, tunnel properties, and source interfaces into a standalone configuration object.
ERSPAN rate limit
This section explains how the ERSPAN rate limit feature prevents network congestion by controlling the amount of mirrored traffic sent to destinations.
ERSPAN rate-limit per destination
This section explains how to apply rate limits per source NPU to control the volume of mirrored traffic sent to ERSPAN destinations.
Traffic mirroring with DSCP
This section explains how traffic mirroring uses Differentiated Service Code Point (DSCP) values to classify and prioritize network traffic. By assigning different priority levels to packets, you can enhance the Quality of Service (QoS) for mirrored data.
Monitor ERSPAN sessions with SPAN and security ACLs
This section explains how to use SPAN and security ACLs together to monitor multiple ERSPAN sessions under the same source interface. This functionality allows you to distribute mirrored traffic across different destination interfaces while selectively allowing incoming traffic.
Selective packet capture for protocol and drops
This section explains how selective packet capture allows you to monitor specific network packets by filtering based on directions and protocol-specific attributes. Use this feature to optimize SPAN sessions, reduce mirrored traffic volume, and improve network troubleshooting efficiency.